General

  • Target

    05c889d94f90a22433203fe1ae0b826523030bf4bb0bced40c0271ca7b66a804

  • Size

    136KB

  • Sample

    241118-xwrg1ssrcw

  • MD5

    fd2472e6d8af8d7cb27b0f209d267558

  • SHA1

    ceaba85fd6756e780615df6fbcf80092bf6f9912

  • SHA256

    05c889d94f90a22433203fe1ae0b826523030bf4bb0bced40c0271ca7b66a804

  • SHA512

    6ee65c99646fa5ac6bf99fade08ae31fa7f1c8a4ef443397950a7ed06229a817fea00d9bacdeda7cfafc2652a4c54adcce484abdafaa54a898cdf56c6d337cf2

  • SSDEEP

    3072:sr85CU7kc39wfHYTo7HVobLh1JFWQaP1p6:k9LdgT+obd1JFW11p6

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
